Productive Inbox Logo

Phone: 01527 314040


IT News

Welcome to our latest news and blogs page. Click to read the latest articles below.

GDPR - are you prepared?

GDPR are you prepared

The 25th May 2018 is fast approaching - are you confident that you’ve done everything you need to do to comply with the new General Data Protection Regulation (GDPR)?

After four years of discussion, the new EU data protection framework was adopted on 8th April 2016 and it takes the form of a regulation.  The GDPR will replace the current Data Protection Act 1988 and will be directly applicable in all member states.  It takes effect from 25th May 2018 and applies to all organisations within the EU and organisations outside of the EU if they process the personal data of EU residents.  The GDPR introduces much tougher financial penalties for non-compliance with data protection.

The new GDPR contains some onerous obligations, which may take time to prepare for:

Step 1 - Competency and awareness

Be satisfied that decision makers and key people in your business are aware (and understand) that the law is changing. It’s important that they have the correct levels of competency and are aware of the impact that the GDPR may have. Be familiar with the role you play and are aware of your responsibilities under the GDPR.

Step 2 - Documentation and audit trail

It is important to maintain documented records of any personal data you hold, including its original source and who you share it with. Consider undertaking an information audit.

Step 3 - Forward planning and review

Review your current policies and privacy notices, implement a plan for making required changes in time for the implementation of the GDPR, this includes ensuring that information provided is in a clear and plain language. Evaluate your current processes to be satisfied that they cover individual rights, this includes how you delete personal data or provide data electronically. Is it in a commonly used format?

Step 5 - Data access requests

Update your procedures, develop and implement a plan to demonstrate how you will deal with requests within the new specified timescales.

Step 6 - Legal basis on which you use personal data

Examine the different types of data processing you undertake as a business and identify your legal basis for carrying it out and document it.

Step 7 - Consent and individual rights

Be clear about how you are seeking, obtaining and recording consent, it is important to understand it in order to make any required changes under the GDPR. The GDPR emphasises the importance of protecting children, consider implementing a formal system to verify children’s ages and obtain parent/guardian consent for data processing activity.

Individuals have the right to obtain information from the data controller on how their data is being used and for what purpose. This information must be provided free of charge.

The GDPR imposes restrictions on the transfer of information outside of the EU.

If rights are breached, individuals can take legal action against data controllers and data processors.

Step 8 - Impact assessment

Consider carrying out an impact assessment within your business to ensure that you can deliver the required changes in time for GDPR.

Step 9 - Data Protection Officers (DPO)

Identify if a DPO is required.

In some circumstances data controllers and data processors must designate a DPO as part of their accountability program.

The DPO must have sufficient expert knowledge and may be employed or under a service contract. Guidance issued in April 2017 clarifies that in principal the DPO should be located in the EU and should report to the highest management level.

Step 10 - International

If your business operates internationally it is important to identify which data protection supervisory authority you come under.

Check out the ICO’s guide on GDPR and see what’s changed - 2017 saw quite a few updates! Get familiar with what’s required of your organisation and be prepared to put new procedures in place to ensure that you’re fully compliant.

Productive Inbox can help businesses grasp the complications of GDPR, just drop us a line or call us on 01527 314040 for a chat about how we can help your organisation meet all of the GDPR requirements.

Added: 30 Jan 2018 15:26

Previous News and Posts

Delve into the archive of our news and posts.